From df9cbe62dde2c4e84c0bf92ddaf8059b0d1e6a78 Mon Sep 17 00:00:00 2001
From: Piotr Goczal
Date: Fri, 24 Apr 2020 15:13:48 +0200
Subject: [PATCH 1/3] Added posibility to limit users access by user_regexp parameter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Piotr Goczał
---
 README.md | 7 +++++--
 lib/imap.php | 13 ++++++++++++-
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 0bad94b..9e83390 100644
--- a/README.md
+++ b/README.md
@@ -62,7 +62,7 @@ IMAP user and password need to be given for the Nextcloud login.
 ### Configuration
-The parameters are `host, port, sslmode, domain`.
+The parameters are `host, port, sslmode, domain, user_regexp`.
 Possible values for sslmode are `ssl` or `tls`.
 Add the following to your `config.php`:
@@ -70,7 +70,7 @@ Add the following to your `config.php`:
 array(
 'class' => 'OC_User_IMAP',
 'arguments' => array(
- '127.0.0.1', 993, 'ssl', 'example.com', true, false
+ '127.0.0.1', 993, 'ssl', 'example.com', true, false, '^user[0-9]?$|^admin_user$|^other_admin_user$'
 ),
 ),
 ),
@@ -88,6 +88,9 @@ the rest used as username in Nextcloud. e.g. 'username@example.com' will be the user, it is added to a group corresponding to the name of the domain part of the address. +In case when not all email account should have access to nexclodu platform you can limit allowed users adding optional user_regexp setting. +That should be PHP preg_match patern. Be carreful with these setting especially with ^$ chars. Without ^$ patern 'user1' will match also 'other_user10' account! + **⚠⚠ Warning:** If you are [**upgrading** from versions **<0.6.0**](https://github.com/nextcloud/user_external/releases/tag/v0.6.0), beside adapting your `config.php` you also have to change the `backend` column in the `users_external` table of the database. In your pre 0.6.0 database it may look like `{127.0.0.1:993/imap/ssl/readonly}INBOX` or similar, but now it has to be just `127.0.0.1` for everything to work flawless again. ⚠⚠ diff --git a/lib/imap.php b/lib/imap.php index da6089d..86d7925 100644 --- a/lib/imap.php +++ b/lib/imap.php @@ -35,7 +35,7 @@ class OC_User_IMAP extends \OCA\user_external\Base { * @param boolean $stripeDomain (whether to stripe the domain part from the username or not) * @param boolean $groupDomain (whether to add the usere to a group corresponding to the domain of the address) */ - public function __construct($mailbox, $port = null, $sslmode = null, $domain = null, $stripeDomain = true, $groupDomain = false) { + public function __construct($mailbox, $port = null, $sslmode = null, $domain = null, $stripeDomain = true, $groupDomain = false, $user_regexp = null) { parent::__construct($mailbox); $this->mailbox = $mailbox; $this->port = $port === null ? 143 : $port; @@ -43,6 +43,7 @@ public function __construct($mailbox, $port = null, $sslmode = null, $domain = n $this->domain = $domain === null ? '' : $domain; $this->stripeDomain = $stripeDomain; $this->groupDomain = $groupDomain; + $this->user_regexp = $user_regexp === null ? '' : $user_regexp; } /** 
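Review bot: The new seventh constructor argument `$user_regexp` has no `@param` line in the docblock above the signature, and its snake_case name differs from the neighbouring `$stripeDomain` and `$groupDomain`. I would add `* @param string $user_regexp (optional PCRE pattern, without delimiters, that the login name must match; null or empty disables the check)`. The assignment `$this->user_regexp = ...` writes a property whose declaration is not visible in this hunk; if the class does not declare it, add `private $user_regexp;` beside the other properties. Because the check added in checkPassword by this same patch wraps the value in `/…/`, the constructor is also a reasonable place to reject a pattern that does not compile, so a configuration mistake surfaces once rather than on every login. The docblock and the class body begin outside the hunk.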
@@ -80,6 +81,16 @@ public function checkPassword($uid, $password) { $username = $uid; } + if ($this->user_regexp != '') { + if (!preg_match('/'.$this->user_regexp.'/', $username)) { + OC::$server->getLogger()->error( + 'ERROR: User:'.$username.' does NOT match user regexp: '.$this->user_regexp, + ['app' => 'user_external'] + ); + return false; + } + } + $groups = []; if ($this->groupDomain && $pieces[1]) { $groups[] = $pieces[1]; From fce659569e0d8c504819863b481ac1d582693cda Mon Sep 17 00:00:00 2001 From: bilbolodz Date: Fri, 24 Apr 2020 15:16:59 +0200 Subject: [PATCH 2/3] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Piotr Goczał --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9e83390..ff513a2 100644 --- a/README.md +++ b/README.md @@ -88,7 +88,7 @@ the rest used as username in Nextcloud. e.g. 'username@example.com' will be the user, it is added to a group corresponding to the name of the domain part of the address. -In case when not all email account should have access to nexclodu platform you can limit allowed users adding optional user_regexp setting. +In case when not all email accounts should have access to nexcloud platform you can limit allowed users adding optional user_regexp setting. That should be PHP preg_match patern. Be carreful with these setting especially with ^$ chars. Without ^$ patern 'user1' will match also 'other_user10' account! **⚠⚠ Warning:** If you are [**upgrading** from versions **<0.6.0**](https://github.com/nextcloud/user_external/releases/tag/v0.6.0), beside adapting your `config.php` you also have to change the `backend` column in the `users_external` table of the database. In your pre 0.6.0 database it may look like `{127.0.0.1:993/imap/ssl/readonly}INBOX` or similar, but now it has to be just `127.0.0.1` for everything to work flawless again. ⚠⚠ 
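Review bot: The allow-list test in the checkPassword hunk builds its pattern as `'/'.$this->user_regexp.'/'`, so a configured expression that contains `/` yields an invalid pattern, and without the `D` modifier `$` also matches before a trailing newline, so `^admin_user$` accepts a login name that ends in a line feed. I would write the test as `if (preg_match('/'.$this->user_regexp.'/D', $username) !== 1) {`, which closes the newline case and makes explicit that a `false` return from a broken pattern denies the login. The error message concatenates the submitted login name into the log line, so it is worth confirming that the logger escapes control characters, and a routine denial probably belongs at warning level rather than error. The same `preg_match` line appears unchanged as context in the [PATCH 3/3] hunk. checkPassword starts and ends outside the hunk, so whether this check runs before the IMAP authentication is not visible here.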
From 2e24ece716178fb25a50976af49d6ff7806bfd0a Mon Sep 17 00:00:00 2001
From: bilbolodz
Date: Wed, 20 May 2020 08:58:17 +0200
Subject: [PATCH 3/3] Update imap.php
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Piotr Goczał
---
 lib/imap.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/imap.php b/lib/imap.php
index 86d7925..65a0c4a 100644
--- a/lib/imap.php
+++ b/lib/imap.php
@@ -81,7 +81,7 @@ public function checkPassword($uid, $password) {
 $username = $uid;
 }
- if ($this->user_regexp != '') {
+ if ($this->user_regexp !== '') {
 if (!preg_match('/'.$this->user_regexp.'/', $username)) {
 OC::$server->getLogger()->error(
 'ERROR: User:'.$username.' does NOT match user regexp: '.$this->user_regexp,